Three Months In and Class Actions for Not Being GDPR Ready Begin

Shareholder sues Nielsen, CEO and CFO, seeking class certification and damages over the Company’s alleged misleading statements regarding its preparedness for the GDPR and the impact the statute would have on the Company’s business.

This case is significant because the plaintiff’s claims do not allege violations of the GDPR, a well-known European Union data protection statute, but are grounded in U.S. securities law, for the defendant’s alleged lack of preparation for the GDPR and for making misleading representations with respect thereto.

Arun Bhattacharya (“Plaintiff”), a shareholder of Nielsen Holdings PLC (“Nielsen” or the “Company”) sued Nielsen and its CEO and CFO in United States District Court for the Southern District of New York last week, seeking class certification for all Nielsen shareholders who acquired their shares between February 8, 2018 and July 25, 2018, and alleging that the Company, the CEO and CFO, misled shareholders and the public about the potential impact of the E.U.’s 2018 General Data Protection Regulation (“GDPR”) on Nielsen’s revenue streams and the Company’s preparedness for the legislation.

According to the Complaint, Nielsen’s two business segments provide its clients with consumer behavior information and analytics across the consumer goods and media consumption sectors. Plaintiff alleges that Nielsen relies at least in part on consumer data provided by third-party data aggregators such as Facebook to generate its own consumer metrics for clients. Plaintiff further alleges that during the February -July 2018 period, Nielsen and its CEO and CFO, through shareholder documents, press releases and conference calls with investors and the finance industry, intentionally made false and misleading statements regarding the potential impact of the GDPR on the Company’s business : “[the GDPR] has been more of a non[-] event from our side as compared to how it played out for some others”; the Company’s compliance readiness for the privacy requirements of the statute : “GDPR, we’ve been focused on this for some time…. We’re ready. And we don’t see any significant impact for our . . . business.”; and whether the statute would affect Nielsen’s access to the third-party data upon which it relies for the analytics the Company provides its clients: “We still – we’ll still have access to all the data that we’re going to need for our products. So yes, we’re in good shape.”